Thirty-five million South Koreans could have had their personal data exposed by hackers targeting one of the country’s social networks.
The Korean Communications Commission claims to have traced the hack on the Cyworld social networking website and the Nate web portal to IP addresses in China. Both sites are run by SK Telecom.
Mobile phone numbers, email addresses, names and other encrypted information are believed to have been stolen in what could be the country’s biggest ever cyber attack. The population of South Korea is around 49 million.
It generates income by selling ‘acorns’ to be used in Cyworld to purchase things such as virtual furniture and wall paintings.
The Nate portal provides access to web services such email.
South Korean government ministries, banks and corporations have suffered a number of attacks in recent months. State-funded bank Nonghyup suffered a network failure in April blamed on North Korea and 1.8m customers of Hyundai Capital has their personal information compromised.
The South Korean government has drawn up a new cyber-security plan in response.
China has also recently been implicated over spear-phishing attacks on the Gmail accounts of US and South Korean officials and Chinese human rights activists.
Mark Darvill, a direcor at security firm AEP said: “By any standard this is a massive attack and one of many in recent months where the finger has been pointed at hackers based in China.
“It’s too early to say whether this attack is politically motivated or merely an attempt to steal personal information for financial gain.
“However it’s now becoming increasingly difficult to differentiate between attacks on military, communications, financial, civilian or critical infrastructure targets.”
Welcome to Silicon UK: AI for Your Business Podcast. Today, we explore how AI can…
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…
View Comments
We recently blogged about Washington's new stance that a cyber attack from a nation state will be treated as an act of war:
"Is Washington actually taking the daily/hourly/pick-your-increment hack attack seriously? Meaning not as a political expedient, but creating an environment where cyber war/crime is treated with the magnitude it merits? We sincerely hope so.
That said, if it was determined that a given breach caused harm to American treasure, then the new initiative would consider that an act of war, and rightly so. But, the attacker would have to be identified and located before any retaliation could ensue. This would require pervasive security intelligence, as we term it, or a “brain layer” over the network/s involved in the attacks."
http://blog.q1labs.com/?p=1131
Any sovereign state that determines it has been breached by another sovereign state via a cyber attack should follow Washington’s lead and treat the offense with the magnitude it merits.
John Burnham - Q1 Labs